Commit graph

12694 commits

Author SHA1 Message Date
Michael Golowka fc0ed96066
DBPW - Revert AutoMTLS (#10065) 2020-09-30 17:08:37 -06:00
Hridoy Roy 649cef00f8
updated changelog to reflect Enterprise fix [VAULT-507] (#10056)
* updated changelog

* fix changelog

Co-authored-by: HridoyRoy <hridoyroy@Hridoys-MacBook-Pro.local>
Co-authored-by: HridoyRoy <hridoyroy@Hridoys-MBP.hitronhub.home>
2020-09-30 14:39:43 -07:00
Calvin Leung Huang d903095b3b
changelog++ 2020-09-29 18:10:44 -07:00
Calvin Leung Huang 90a3f32771
agent: return a non-zero exit code on error (#9670)
* agent: return a non-zero exit code on error

* agent/template: always return on template server error, add case for error_on_missing_key

* agent: fix tests by updating Run params to use an errCh

* agent/template: add permission denied test case, clean up test var

* agent: use unbuffered errCh, emit fatal errors directly to the UI output

* agent: use oklog's run.Group to schedule subsystem runners (#9761)

* agent: use oklog's run.Group to schedule subsystem runners

* agent: clean up unused DoneCh, clean up agent's main Run func

* agent/template: use ts.stopped.CAS to atomically swap value

* fix tests

* fix tests

* agent/template: add timeout on TestRunServer

* agent: output error via logs and return a generic error on non-zero exit

* fix TestAgent_ExitAfterAuth

* agent/template: do not restart ct runner on new incoming token if exit_after_auth is set to true

* agent: drain ah.OutputCh after sink exits to avoid blocking on the channel

* use context.WithTimeout, expand comments around ordering of defer cancel()
2020-09-29 18:03:09 -07:00
Michael Golowka 3a03be14e1
Make username generation in SQLCredentialsProducer available without an instance (#10050) 2020-09-29 16:54:34 -06:00
Andy Assareh ab7cd4f8db
corrected typo in "certificate" (#9916) 2020-09-28 17:39:01 -07:00
Andy Assareh 818120b401
corrected a missing noun (#9917) 2020-09-28 17:38:39 -07:00
aphorise 101855f365
UI - Added success message to core for the copy-buttn action in masked-inputs view. Resolves: #7321 (#9808) 2020-09-28 16:52:06 -07:00
Wacław Schiller 5d419f73c3
Minor fix to audit documentation (#10047) 2020-09-28 16:04:45 -07:00
Theron Voran 33971407ad
changelog++ 2020-09-28 14:08:52 -07:00
Theron Voran 52581cd472
Add logging during awskms auto-unseal (#9794)
Adds debug and warn logging around AWS credential chain generation,
specifically to help users debugging auto-unseal problems on AWS, by
logging which role is being used in the case of a webidentity token.

Adds a deferred call to flush the log output as well, to ensure logs
are output in the event of an initialization failure.
2020-09-28 14:06:49 -07:00
Hridoy Roy d7a673321d
Retry Logic to Mssql Tests [VAULT-637] (#10039)
* added retry to mssql testing

* setting num retry to 3

* removed a comment and moved svc into loop

Co-authored-by: HridoyRoy <hridoyroy@Hridoys-MacBook-Pro.local>
Co-authored-by: HridoyRoy <hridoyroy@Hridoys-MBP.hitronhub.home>
2020-09-28 09:03:23 -07:00
Sam Salisbury 98fe5029b0
Packagespec v0.1.2/master (#9995)
* packagespec v0.1.2 - prep: remove unneeded code

* packagespec v0.1.2 - packagespec init

* packagespec v0.1.2 - make packages

* packagespec v0.1.3 - make packages
2020-09-28 13:53:39 +01:00
Jim Kalafut d6cf73e6cd
changelog++ 2020-09-25 17:21:43 -07:00
Billy Keyes 26e8627cfc
Use us-gov-west-1 for global APIs in aws-us-gov (#9947)
* Use us-gov-west-1 for global APIs in aws-us-gov

Certain partition-global AWS services, like IAM, seem to require
specific regions. In the regular 'aws' partition, this is us-east-1. In
the 'aws-us-gov' partition, this is us-gov-west-1. Providing
us-gov-east-1 returns an error from AWS:

  SignatureDoesNotMatch: Credential should be scoped to a valid region, not 'us-gov-east-1'.

This resolves a problem where AWS authentication could randomly fail
depending on the value cached by Vault at startup.
2020-09-25 17:13:26 -07:00
Meggie 1d1011bc9f
changelog++
1.5.5 section
2020-09-25 15:18:27 -04:00
ncabatoff a1a9889f81
changelog++ 2020-09-25 14:32:49 -04:00
Theron Voran 2ba19c3f16
Update k8s auth docs for new parameter (#9992)
Adds info about the disable_local_ca_jwt parameter.

Co-authored-by: Clint <catsby@users.noreply.github.com>
2020-09-25 11:17:28 -07:00
Meggie 44b255ab61
Updating version for website to 1.5.4 (#10040) 2020-09-25 13:50:09 -04:00
Theron Voran 8b20c04eb1
Update to vault-plugin-auth-kubernetes@master (#10004) 2020-09-24 15:44:06 -07:00
Scott Miller a8cbda1713
Add retry to TestPostgresqlBackend (#10032) 2020-09-24 16:19:11 -05:00
Meggie 34b7b4bde6
changelog++
Updated with security content for new 1.5.4 and 1.4.7.
2020-09-24 16:46:10 -04:00
Josh Black da34497041
changelog++ 2020-09-24 13:37:48 -07:00
mgritter db99f5a14f Move entries to correct release. 2020-09-23 16:23:33 -07:00
Jim Kalafut 427cca9ce9
changelog++ 2020-09-23 16:10:27 -07:00
Scott G. Miller 0bf207f96c changelog++ 2020-09-23 18:04:12 -05:00
Josh Black 7c34eeada8
changelog++ 2020-09-23 15:59:00 -07:00
Michael Golowka 41d8c89169
[DBPW 5/X] Use AutoMTLS with DB plugins (#10008) 2020-09-23 16:08:03 -06:00
Brian Kassouf ffcff10151
changelog++ 2020-09-23 12:34:15 -07:00
Brian Kassouf b0d3d9bf49
Update lease timer logic (#10030) 2020-09-23 11:46:22 -07:00
Tom Proctor 64d899da52
Update CHANGELOG.md (#10029) 2020-09-23 19:13:21 +01:00
ncabatoff 3fb20ed529
Logging tweaks, mostly for tests (#10028)
Fix some places where raft wasn't hooking into the core logger as it should.
Revisited the code that was setting the log level to Error during cleanup: it's normal for there to be a bunch of errors then, which makes it harder to see what went wrong up to the point where the test was deemed to have failed.  So now, instead of setting log level to Error, we actually stop logging altogether.  This only applies if the test didn't pass in its own logger during cluster creation, but we should be moving away from that anyway.
2020-09-23 13:40:00 -04:00
Hridoy Roy c595244482
Normalize format output for vault status [VAULT-508] (#9976)
* normalize format output for vault status

* interim commit

* interim commit

* make formatting idiomatic

* clean up comments

* added formatting test

* updated comments in format test to match godocs

Co-authored-by: HridoyRoy <hridoyroy@Hridoys-MBP.hitronhub.home>
Co-authored-by: HridoyRoy <hridoyroy@Hridoys-MacBook-Pro.local>
2020-09-23 10:30:01 -07:00
Brian Kassouf b29acbc605
Update version_base.go 2020-09-22 15:59:03 -07:00
Brian Kassouf 3f30fc5f4e
Port changes from enterprise lease fix (#10020) 2020-09-22 14:47:13 -07:00
Lauren Voswinkel 3cc15ba146
changelog++ 2020-09-22 14:17:10 -07:00
Scott G. Miller 1c3d915042 changelog++ 2020-09-22 15:02:39 -05:00
Mark Gritter 38ae7efca3
Switch to PerfStandby() where possible. (#9993) 2020-09-22 14:48:30 -05:00
Hridoy Roy a20fe5c066
moved the documentation to kv2 page (#10017)
Co-authored-by: HridoyRoy <hridoyroy@Hridoys-MacBook-Pro.local>
2020-09-22 11:58:00 -07:00
Vishal Nayak 60fefde1ac changelog++ 2020-09-22 14:36:25 -04:00
Lauren Voswinkel 201fc8fd4d
Add content-sha256 as a default allowed STS header (#10009)
Also, alphabetize those headers... just because.
2020-09-22 10:02:37 -07:00
ncabatoff f8599a1670
changelog++ 2020-09-22 09:57:34 -04:00
Marco Rieger b634e1964d
fix missing plaintext in bulk decrypt response (#9991)
Decrypting an ciphertext where its corresponding value equals empty, the payload property "plaintext" is missing in the response object. This fixes the problem by adding a new, distinct struct for decrypt batch response items where "omitempty" is not set.
2020-09-22 09:43:07 -04:00
Lauren Voswinkel 15e608c0ed
Update AD secret engine docs for root cred rotation (#9990) 2020-09-21 16:21:14 -07:00
Chelsea Shaw 2289c9ef1d
CRUD for transform alphabets (#9989)
includes tests for templates and alphabets
2020-09-21 15:36:07 -05:00
Meggie 9190860cc0
docs: Change sidebar labeling to use Integrated Storage (#10002)
I changed some verbiage in the page as well.
2020-09-21 15:55:36 -04:00
Theron Voran 6a23328308
changelog++ 2020-09-21 12:00:21 -07:00
Vishal Nayak daa2c2b1e4 changelog++ 2020-09-21 13:56:51 -04:00
Vishal Nayak 4f3c833b94 Vendor diff 2020-09-21 13:43:21 -04:00
Mike Green 9eb1fb1df4
minor only ha_storage clarification (#10001) 2020-09-21 13:06:03 -04:00